The Government Accountability Office said a flawed pilot test of the Transportation Worker Identification Credential biometric readers raises questions about TWIC’s “premise and effectiveness in enhancing security.”
TWIC has been plagued by problems since it was launched shortly after the Sept. 11 attacks as a way to verify identification of those seeking unescorted access to secure areas of transportation facilities.
The Department of Homeland Security is still struggling to develop biometric readers for the cards. As a result, the cards now function merely as high-priced photo IDs. TWICs cost $129.75 for five years.
“DHS’s assumption that the lack of a common credential could leave facilities open to a security breach with falsified credentials has not been validated,” the GAO said. “Eleven years after initiation, DHS has not demonstrated how, if at all, TWIC will improve maritime security.”
The GAO said the DHS’s problems with implementing TWIC should prompt the agency to consider “a comprehensive comparison of alternative credentialing approaches, which might include a more decentralized approach, for achieving TWIC program goals.”
The GAO said a pilot test aimed at assessing the use of TWICs with card readers produced results that “were incomplete, inaccurate and unreliable for informing Congress and for developing a regulation” for the readers.
“Challenges related to pilot planning, data collection, and reporting affected the completeness, accuracy and reliability of the results. These issues call into question the program's premise and effectiveness in enhancing security,” the GAO said.
The report faulted the DHS for failing to follow the GAO’s 2009 recommendation for development of a plan to ensure that a pilot program would yield reliable information about how TWICs would be used with readers.
The GAO said the Transportation Security Administration and the independent test agent it hired failed to properly collect data on reader errors, malfunctions, cases in which access to facilities was denied, and baseline data for comparisons.
“TSA officials said challenges, such as readers incapable of recording needed data, prevented them from collecting complete and consistent pilot data. Thus, TSA could not determine whether operational problems encountered at pilot sites were due to TWIC cards, readers, or users, or a combination of all three,” the GAO said.
“DHS’s report to Congress documented findings and lessons learned, but its reported findings were not always supported by the pilot data, or were based on incomplete or unreliable data, thus limiting the report's usefulness in informing Congress about the results of the TWIC reader pilot,” the GAO said.
“For example, reported entry times into facilities were not based on data collected at pilot sites as intended. Further, the report concluded that TWIC cards and readers provide a critical layer of port security, but data were not collected to support this conclusion.
The GAO said that because the pilot results were unreliable, Congress should consider repealing its requirement that the secretary of homeland security use the test results to promulgate final rules for TWIC readers.
Instead, the GAO recommended that Congress require the DHS to base its regulation on an assessment of the effectiveness of using TWIC with readers for enhancing port security, and consider alternative credentialing plans, including a more decentralized approach.
“Given DHS's challenges in implementing TWIC over the past decade, at a minimum, the assessment should include a comprehensive comparison of alternative credentialing approaches, which might include a more decentralized approach, for achieving TWIC program goals.